基于keepalived的redis系统master双机热备(读数据负载均衡)设置方案

基于keepalived的redis系统master双机热备，读数据负载均衡设置方案==========================================================================================硬件：

机器

ip

作用

master

redis系统的master主机

slave1

redis系统的slave机器，和master组成双机热备

slave2

redis系统的slave机器，和slave1构成读数据的负载均衡系统

软件：

keepalived，下载地址：

lvs，下载地址：

redis，下载地址：www.redis.io

centos6.4版本

安装：

不采用编译安装的方式，使用yum安装

1.安装kernel-devel：yuminstallkernel-devel.这是ipvsadm需要的

2.安装lvs：yuminstallipvsadm

3.安装keepalived:yuminstallkeepalived

如果无法联网，请去这里考古寻找自己需要的rpm文件

base:/centos/6/os/x86_64/Packages/

update:/centos/6/updates/x86_64/Packages/

下面是需要的rpm文件列表截图kernel-devel需要的文件以及需要的证书lvs需要的文件keepalived需要的文件

注意，三台机器都需要安装keepalived

配置keepalived：

1.centos必要配置：

/etc/sysctl.conf文件

net.ipv4.ip_forward=1#转发开启

2.keepalived必要配置：

master修改/etc/keepalived/keepalived.conf为如下[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

邮箱

}

notification_email_from邮箱

smtp_server邮箱服务器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_1{

stateMASTER

interfaceeth0#eth0是要绑定的网卡

virtual_router_id100#同一个vrrp_instance中的值必须一样

priority160

#master的值要高于backup的

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于双机热备的虚拟ip

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

notify_downredis服务失败后要执行的脚本的路径/脚本名

#服务失败后要执行的脚本

TCP_CHECK{

connect_timeout1

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

slave1修改/etc/keepalived/keepalived.conf为如下[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

邮箱

}

notification_email_from邮箱

smtp_server邮箱服务器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_1{

stateMASTER

interfaceeth0#eth0是要绑定的网卡

virtual_router_id100#同一个vrrp_instance中的值必须一样

priority160

#master的值要高于backup的

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于双机热备的虚拟ip

}

notify_master将slave重新转换为slave的脚本

}

vrrp_instanceVI_2{

stateMASTER

#将此slave作为读数据的master

interfaceeth0

virtual_router_id101

priority151

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于读取数据的负载均衡的虚拟ip

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight1

notify_downredis服务失败后要执行的脚本的路径/脚本名

#服务失败后要执行的脚本

TCP_CHECK{

connect_timeout1

nb_get_retry2

delay_before_retry1

connect_port6379

}

}

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight7

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

slave2修改/etc/keepalived/keepalived.conf为如下[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

邮箱

}

notification_email_from邮箱

smtp_server邮箱服务器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_2{

stateBACKUP

interfaceeth0

virtual_router_id101

priority149

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight7

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

配置redis：

master无需特殊配置slave1则设置为master的从机

slave2则需要设置为的从机，否则在master失效后slave2会无法继续读取数据

需要的脚本：在master执行的脚本:[plain]

\o"viewplain"viewplain\o"copy"copy#!/usr/bin/envbash

ervicekeepalivedstop#需要用户具有权限，不中断keepalived服务虚拟ip无法转移

在slave1执行的脚本：

[plain]

\o"viewplain"viewplain\o"copy"copy#!/usr/bin/envbash

/usr/local/bin/redis-cli-h-p6379slaveofNOONE#将slave1转换为redis的

slave1第二个脚本，在master服务重启后将slave1重新转换为slave状态

最终效果：提供了redis的双机热备服务，则提供了数据读取的负载均衡[plain]

\o"viewplain"viewplain\o"copy"copy#!/usr/bin/envbash

/usr/local/bin/redis-clislaveof6379#将slave1重新转换为redis的slave

需要注意，master每次需要先启动redis服务然后再启动keepalived==========================================================================================基于keepalived、redissentinel的高可用redis集群【修改版】2013年12月12日

⁄综合

⁄共5289字⁄字号

小

中

大

⁄

评论关闭原方案地址原方案硬件机器名IP作用masterredis的master服务器slave1redis的slave服务器slave2redis的slave服务器route1【虚拟IP：】keepalived和redissentinel服务器，承载写redis的VIP【虚拟ip】，做写的双机热备的主master指定route2【虚拟IP：】keepalived和redissentinel服务器，承载读redis的VIP，做读的负载均衡和写的双机热备的master备份路由指定详细的keepalived配置，route1!ConfigurationFileforkeepalivedglobal_defs{

notification_email{

邮箱

}

notification_email_from邮箱@

smtp_server邮箱服务器地址

smtp_connect_timeout30

router_idLVS_DEVEL}vrrp_instanceVI_1{

stateMASTER

interfaceeth1

virtual_router_id100

priority150

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

}

}vrrp_instanceVI_2{

stateBACKUP

interfaceeth1

virtual_router_id101

priority101

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

}}virtual_server6379{

delay_loop3

lb_algorr

lb_kindDR

persistence_timeout15

protocolTCP

real_server6379{

weight4

notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py6379"

misc_timeout5

}

}

real_server6379{

weight3notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py6379"

misc_timeout5

}

}

real_server6379{

weight3notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py6379"

misc_timeout5

}

}}virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight2

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight2

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}}route2的配置文件!ConfigurationFileforkeepalivedglobal_defs{

notification_email{

#xieqj@

#shanghq@

}

notification_email_fromxieqj@

smtp_server

smtp_connect_timeout30

router_idLVS_DEVEL}vrrp_instanceVI_1{

stateBACKUP

interfaceeth1

virtual_router_id100

priority100

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

9

}

#notify_master"/home/wind/redis.sh"

}vrrp_instanceVI_2{

stateMASTER

interfaceeth1

virtual_router_id101

priority151

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

0

}}virtual_server96379{

delay_loop3

lb_algorr

lb_kindDR

persistence_timeout15

protocolTCP

real_server036379{

weight4notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py036379"

misc_timeout5

}

}

real_server046379{

weight4notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py036379"

misc_timeout5

}

}

real_server056379{

weight4notify_up/home/wind/redis_up.sh

MISC_CHECK{

misc_path"/home/wind/redischeck.py036379"

misc_timeout5

}

}}virtual_server06379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server046379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server056379{

weight2

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}}keepalived的master的MISCH_CHECK监测脚本#!/usr/bin/pythonimportsys,commandscmd="/usr/local/bin/redis-cli-h"+sys.argv[1]+"-p"+sys.argv[2]+"info"#sys.argv是输入的参数,sys.argv[0]是需要执行的命令，以后才是参数。1是ip，2是端口str=commands.getoutput(cmd)ismaster=-100ismaster=str.count("role:master")#原来是使用index方法，但是找不到字符串时会报错zero=0ifismaster>zero:sys.exit(0)#返回0在keepalived表示健康else:sys.exit(1)#返回1表示keepalived检测端口不健康更多MISC_CHECK参考见/thread-845-1-1.htmlredis维护脚本redis_up.sh用在检测到服务启动时#!/usr/bin/envbash/usr/local/bin/redis-cli-h$argv[1]-p6379configsetappendonlynoredis设置与sentinel设置无变化需要特别注意的配置，如果没有这个配置就会发生keepalived不转发的的\o"问题"问题，而且是如果redis和keepalive是同一台机器，会转发，但是如果相互间独立，则realserver收不到转发包配置master

vim/etc/sysctl.conf,添加内容如下net.ipv4.conf.lo.arp_ignore=1net.ipv4.conf.lo.arp_announce=2net.ipv4.conf.all.arp_ignore=1net.ipv4.conf.all.arp_announce=2执行命令sysctl-pipaddradd/32devloipaddradd/32devloipaddlist

lo环上出现了指定的ip即可配置slave1vim/etc/sysctl.conf,添加内容如下net.ipv4.conf.lo.arp_ignore=1net.ipv4.conf.lo.arp_announce=2net.ipv4.conf.all.arp_ignore=1net.ipv4.conf.all.arp_announce=2执行命令sysctl-pipaddradd/32devloipaddradd/32devloipaddlist配置slave2vim/etc/sysctl.conf,添加内容如下net.ipv4.conf.lo.arp_ignore=1net.ipv4.conf.lo.arp_announce=2net.ipv4.conf.all.arp_ignore=1net.ipv4.conf.all.arp_announce=2执行命令sysctl-pipaddradd/32devloipaddradd/32devloipaddlist==========================================================================================硬件机器名IP作用masterredis的master服务器slave1redis的slave服务器slave2redis的slave服务器route1【虚拟IP：】keepalived和redissentinel服务器，承载写redis的VIP【虚拟ip】，做写的双机热备的主master指定route2【虚拟IP：】keepalived和redissentinel服务器，承载读redis的VIP，做读的负载均衡和写的双机热备的master备份路由指定安装与配置见此文安装与配置详细的keepalived配置，route1[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

邮箱

}

notification_email_from邮箱

smtp_server邮箱服务器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_1{

stateMASTER

interfaceeth0#eth0是要绑定的网卡

virtual_router_id100#同一个vrrp_instance中的值必须一样

priority160

#master的值要高于backup的

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于双机热备的虚拟ip

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

notify_downredis服务失败后要执行的脚本的路径/脚本名

#服务失败后要执行的脚本

TCP_CHECK{

connect_timeout1

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

route2的配置文件[plain]

\o"viewplain"viewplain\o"copy"copy!ConfigurationFileforkeepalived

global_defs{

notification_email{

邮箱

}

notification_email_from邮箱

smtp_server邮箱服务器地址

smtp_connect_timeout30

router_idLVS_DEVEL

}

vrrp_instanceVI_1{

stateMASTER

interfaceeth0#eth0是要绑定的网卡

virtual_router_id100#同一个vrrp_instance中的值必须一样

priority160

#master的值要高于backup的

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于双机热备的虚拟ip

}

notify_master"/etc/script/redis.sh"

}

vrrp_instanceVI_2{

stateMASTER

#将此slave作为读数据的master

interfaceeth0

virtual_router_id101

priority151

advert_int1

authentication{

auth_typePASS

auth_pass1111

}

virtual_ipaddress{

#用于读取数据的负载均衡的虚拟ip

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight8

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

virtual_server6379{

delay_loop3

lb_algowrr

lb_kindDR

persistence_timeout30

protocolTCP

real_server6379{

weight5

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

real_server6379{

weight5

TCP_CHECK{

connect_timeout10

nb_get_retry3

delay_before_retry3

connect_port6379

}

}

}

redis维护脚本redis.sh[plain]

\o"viewplain"viewplain\o"copy"copy#!/usr/bin/envbash

/usr/local/bin/redis-cli-h-p6379shutdown

/usr/local/bin/redis-cli-h-p6379configsetappendonlyno

此脚本用在route2的notify_master，即当route2进入master时执行设置redis的主从关系设置redis的sentinel，配置文件[plain]

\o"viewplain"viewplain\o"copy"copy#Examplesentinel.conf

#port<sentinel-port>

#Theportthatthissentinelinstancewillrunon

port26379

#sentinelmonitor<master-name><ip><redis-port><quorum>

#

#TellsSentineltomonitorthisslave,andtoconsideritinO_DOWN

#(ObjectivelyDown)stateonlyifatleast<quorum>sentinelsagree.

#

#Note:masternameshouldnotincludespecialcharactersorspaces.

#ThevalidcharsetisA-z0-9andthethreecharacters".-_".

sentinelmonitormymaster63792#此处的意思是需要两个哨兵来确认服务是否挂掉

#sentinelauth-pass<master-name><password>

#

#Setthepasswordtousetoauthenticatewiththemasterandslaves.

#UsefulifthereisapasswordsetintheRedisinstancestomonitor.

#

#Notethatthemasterpasswordisalsousedforslaves,soitisnot

#possibletosetadifferentpasswordinmastersandslavesinstances

#ifyouwanttobeabletomonitortheseinstanceswithSentinel.

#

#HoweveryoucanhaveRedisinstanceswithouttheauthenticationenabled

#mixedwithRedisinstancesrequiringtheauthentication(aslongasthe

#passwordsetisthesameforalltheinstancesrequiringthepassword)as

#theAUTHcommandwillhavenoeffectinRedisinstanceswithauthentication

#switchedoff.

#

#Example:

#

#sentinelauth-passmymasterMySUPER--secret-0123passw0rd

#sentineldown-after-milliseconds<master-name><milliseconds>

#

#Numberofmillisecondsthemaster(oranyattachedslaveorsentinel)should

#beunreachable(asin,notacceptablereplytoPING,continuously,forthe

#specifiedperiod)inordertoconsideritinS_DOWNstate(Subjectively

#Down).

#

#Defaultis30seconds.

sentineldown-after-millisecondsmymaster5000

#sentinelcan-failover<master-name><yes|no>

#

#SpecifyifthisSentinelcanstartthefailoverforthismaster.

sentinelcan-failovermymasteryes

#sentinelparallel-syncs<master-name><numslaves>

#

#Howmanyslaveswecanreconfiguretopointtothenewslavesimultaneously

#duringthefailover.Usealownumberifyouusetheslavestoservequery

#toavoidthatalltheslaveswillbeunreachableataboutthesame

#timewhileperformingthesynchronizationwiththemaster.

sentinelparallel-syncsmymaster1

#sentinelfailover-timeout<master-name><milliseconds>

#

#Specifiesthefailovertimeoutinmilliseconds.Whenthistimehaselapsed

#withoutanyprogressinthefailoverprocess,itisconsideredconcludedby

#thesentinelevenifnotalltheattachedslaveswerecorrectlyconfigured

#toreplicatewiththenewmaster(howevera"besteffort"SLAVEOFcommand

#issenttoalltheslavesbefore).

#

#Alsowhen25%ofthistimehaselapsedwithoutanyadvancement,andthere

#isaleaderswitch(thesentineldidnotstartedthefailoverbutisnow

#electedasleader),thesentinelwillcontinuethefailoverdoinga

#"takeover".

#

#Defaultis15minutes.

sentinelfailover-timeoutmymaster90000

#SCRIPTSEXECUTION

#

#sentinelnotification-scriptandsentinelreconfig-scriptareusedinorder

#toconfigurescriptsthatarecalledtonotifythesystemadministrator

#ortoreconfigureclientsafterafailover.Thescriptsareexecuted

#withthefollowingrulesforerrorhandling:

#

#Ifscriptexistswith"1"theexecutionisretriedlater(uptoamaximum

#numberoftimescurrentlysetto10).

#

#Ifscriptexistswith"2"(oranhighervalue)thescriptexecutionis

#notretried.

#

#Ifscriptterminatesbecauseitreceivesasignalthebehavioristhesame

#asexitcode1.

#

#Ascripthasamaximumrunningtimeof60seconds.Afterthislimitis

#reachedthescriptisterminatedwithaSIGKILLandtheexecutionretried.

#NOTIFICATIONSCRIPT

#

#sentinelnotification-script<master-name><script-path>

#

#Callthespecifiednotificationscriptforanysentienleventthatis

#generatedintheWARNINGlevel(forinstance-sdown,-odown,andsoforth).

#Thisscriptshouldnotifythesystemadministratorviaemail,SMS,orany

#othermessagingsystem,thatthereissomethingwrongwiththemonitored

#Redissystems.

#

#Thescriptiscalledwithjusttwoarguments:thefirstistheeventtype

#andthesecondtheeventdescription.

#

#Thescriptmustexistandbeexecutableinorderforsentineltostartif

#thisoptionisprovided.

#

#Example:

#

#sentinelnotification-scriptmymaster/var/redis/notify.sh

#CLIENTSRECONFIGURATIONSCRIPT

#

#sentinelclient-reconfig-script<master-name><script-path>

#

#Whenthefailoverstarts,ends,orisaborted,ascriptcanbecalledin

#ordertoperformapplication-specifictaskstonotifytheclientsthatthe

#configurationhaschangedandthemasterisatadifferentaddress.

#

#Thescriptiscalledinthefollowingcases:

#

#Failoverstarted(aslaveisalreadypromoted)

#Failoverfinished(alltheadditionalslavesalreadyreconfigured)

#Failoveraborted(inthatcasethescriptwaspreviouslycalledwhenthe

#

failoverstarted,andnowgetscalledagainwithswapped

#

addresses).

#

#Thefollowingargumentsarepassedtothescript:

#

#<master-name><role><state><from-ip><from-port><to-ip><to-port>

#

#<state>is"start","end"or"abort"

#<role>iseither"leader"or"observer"

#

#Theargumentsfrom-ip,from-port,to-ip,to-portareusedtocommunicate

#theoldaddressofthemasterandthenewaddressoftheelectedslave

#(nowamaster)inthecasestateis"start"or"end".

#

#Forabortinsteadthe"from"istheaddressofthepromotedslaveand

#"to"istheaddressoftheoriginalmasteraddress,sincethefailover

#wasaborted.

#

#Thisscriptshouldberesistanttomultipleinvocations.

#

#Example:

#

#sentinelclient-reconfig-scriptmymaster/var/redis/reconfig.sh

需要特别注意的配置，如果没有这个配置就会发生keepalived不转发的的问题，而且是如果redis和keepalive是同一台机器，会转发，但是如果相互间独立，则realserver收不到转发包配置master

vim/etc/sysctl.conf,添加内容如下[plain]

\o"viewplain"viewplain\o"copy"copynet.ipv4.conf.lo.arp_ignore=1

net.ipv4.conf.lo.arp_announce=2

net.ipv4.conf.all.arp_ignore=1

net.ipv4.conf.all.arp_announce=2

执行命令[plain]

\o"viewplain"viewplain\o"copy"copysysctl-p

ipaddradd/32devlo

ipaddlist

lo环上出现了指定的ip即可配置slave1vim/etc/sysctl.conf,添加内容如下[plain]

\o"viewplain"viewplain\o"copy"copynet.ipv4.conf.lo.arp_ignore=1

net.ipv4.conf.lo.arp_announce=2

net.ipv4.conf.all.arp_ignore=1

net.ipv4.conf.all.arp_announce=2

执行命令[plain]

\o"viewplain"viewplain\o"copy"copysysctl-p

ipaddradd/32devlo

<prename="code"class="plain">ipaddradd/32devlo</pre>ipaddlist

配置slave2vim/etc/sysctl.conf,添加内容如下[plain]

\o"viewplain"viewplain\o"copy"copynet.ipv4.conf.lo.arp_ignore=1

net.ipv4.conf.lo.arp_announce=2

net.ipv4.conf.all.arp_ignore=1

net.ipv4.conf.all.arp_announce=2

执行命令[plain]

\o"viewplain"viewplain\o"copy"copysysctl-p

ipaddradd/32devlo

ipaddlist

设置sentinelredis的sentinel在配置文件中设定为2，所以route1和route2两台机器都需要配置启动redis的sentinel[plain]

\o"viewplain"viewplain\o"copy"copy/usr/local/bin/redis-server/etc/redis/sentinel.conf--sentinel

==========================================================================================Keepalived原理与实战精讲

gotop&FinalBSD

什么是Keepalived呢，keepalived观其名可知，保持存活，在网络里面就是保持在线了，也就是所谓的高可用或热备，用来防止单点故障(单点故障是指一旦某一点出现故障就会导致整个系统架构的不可用)的发生，那说到keepalived时不得不说的一个协议就是VRRP协议，可以说这个协议就是keepalived实现的基础，那么首先我们来看看VRRP协议

注：搞运维的要有足够的耐心哦，不理解协议就很难透彻的掌握keepalived的了

一，VRRP协议VRRP协议

学过网络的朋友都知道，网络在设计的时候必须考虑到冗余容灾，包括线路冗余，设备冗余等，防止网络存在单点故障，那在路由器或三层交换机处实现冗余就显得尤为重要，在网络里面有个协议就是来做这事的，这个协议就是VRRP协议，Keepalived就是巧用VRRP协议来实现高可用性(HA)的

VRRP协议有一篇文章写的非常好，大家可以直接看这里(记得认真看看哦，后面基本都已这个为基础的了)

帖子地址：/thread-790-1-1.html

只需要把服务器当作路由器即可！

在《VRRP协议》里讲到了虚拟路由器的ID也就是VRID在这里比较重要

keepalived完全遵守VRRP协议，包括竞选机制等等

二，Keepalived原理

Keepalived原理

keepalived也是模块化设计，不同模块复杂不同的功能，下面是keepalived的组件

corecheckvrrplibipfwclibipvs-2.4libipvs-2.6

core：是keepalived的核心，复杂主进程的启动和维护，全局配置文件的加载解析等

check：负责healthchecker(健康检查)，包括了各种健康检查方式，以及对应的配置的解析包括LVS的配置解析

vrrp：VRRPD子进程，VRRPD子进程就是来实现VRRP协议的

libipfwc：iptables(ipchains)库，配置LVS会用到

libipvs*：配置LVS会用到

注意，keepalived和LVS完全是两码事，只不过他们各负其责相互配合而已

keepalived启动后会有三个进程

父进程：内存管理，子进程管理等等

子进程：VRRP子进程

子进程：healthchecker子进程

有图可知，两个子进程都被系统WatchDog看管，两个子进程各自复杂自己的事，healthchecker子进程复杂检查各自服务器的健康程度，例如HTTP，LVS等等，如果healthchecker子进程检查到MASTER上服务不可用了，就会通知本机上的兄弟VRRP子进程，让他删除通告，并且去掉虚拟IP，转换为BACKUP状态

三，Keepalived配置文件详解

keepalived配置详解

keepalived有三类配置区域(姑且就叫区域吧)，注意不是三种配置文件，是一个配置文件里面三种不同类别的配置区域

全局配置(GlobalConfiguration)

VRRPD配置

LVS配置

一，全局配置

全局配置又包括两个子配置：

全局定义(globaldefinition)

静态路由配置(staticipaddress/routes)

1，全局定义(globaldefinition)配置范例global_defs{notification_email{admin@}notification_email_fromadmin@smtp_serverstmp_connect_timeout30router_idnode1}复制代码全局配置解析

global_defs全局配置标识，表面这个区域{}是全局配置notification_email{admin@admin@}复制代码表示keepalived在发生诸如切换操作时需要发送email通知，以及email发送给哪些邮件地址，邮件地址可以多个，每行一个

notification_email_from

admin@

表示发送通知邮件时邮件源地址是谁

smtp_server

表示发送email时使用的smtp服务器地址，这里可以用本地的sendmail来实现

smtp_connect_timeout30

连接smtp连接超时时间

router_idnode1

机器标识

2，静态地址和路由配置范例static_ipaddress{/24brd+deveth0scopeglobal/24brd+deveth1scopeglobal}static_routes{src$SRC_IPto$DST_IPdev$SRC_DEVICEsrc$SRC_IPto$DST_IPvia$GWdev$SRC_DEVICE}复制代码

这里实际上和系统里面命令配置IP地址和路由一样例如：

/24brd+deveth0scopeglobal相当于:ipaddradd/24brd+deveth0scopeglobal

就是给eth0配置IP地址

路由同理

一般这个区域不需要配置

这里实际上就是给服务器配置真实的IP地址和路由的，在复杂的环境下可能需要配置，一般不会用这个来配置，我们可以直接用vi/etc/sysconfig/network-script/ifcfg-eth1来配置，切记这里可不是VIP哦，不要搞混淆了，切记切记！

二，VRRPD配置

VRRPD配置包括三个类

VRRP同步组(synchroizationgroup)

VRRP实例(VRRPInstance)VRRP脚本

1，VRRP同步组(synchroizationgroup)配置范例vrrp_sync_groupVG_1{group{httpmysql}notify_master/path/to/to_master.shnotify_backup/path_to/to_backup.shnotify_fault"/path/fault.shVG_1"notify/path/to/notify.shsmtp_alert}复制代码其中：group{httpmysql}复制代码http和mysql是实例名和下面的实例名一致

notify_master/path/to/to_master.sh：表示当切换到master状态时，要执行的脚本notify_backup/path_to/to_backup.sh：表示当切换到backup状态时，要执行的脚本notify_fault"/path/fault.shVG_1"复制代码notify/path/to/notify.sh：

smtpalter表示切换时给globaldefs中定义的邮件地址发送右键通知

2，VRRP实例(instance)配置范例vrrp_instancehttp{stateMASTERinterfaceeth0dont_track_primarytrack_interface{eth0eth1}mcast_src_ip<IPADDR>garp_master_delay10virtual_router_id51priority100advert_int1authentication{auth_typePASSautp_pass1234}virtual_ipaddress{#<IPADDR>/<MASK>brd<IPADDR>dev<STRING>scope<SCOPT>label<LABEL>7/24deveth18/24deveth2labeleth2:1}virtual_routes{#src<IPADDR>[to]<IPADDR>/<MASK>via|gw<IPADDR>dev<STRING>scope<SCOPE>tabsrcto/24via54deveth1/24via54deveth1/24deveth2/24via54}nopreemptpreemtp_delay300debug}复制代码

state：state指定instance(Initial)的初始状态，就是说在配置好后，这台服务器的初始状态就是这里指定的，但这里指定的不算，还是得要通过竞选通过优先级来确定，里如果这里设置为master，但如若他的优先级不及另外一台，那么这台在发送通告时，会发送自己的优先级，另外一台发现优先级不如自己的高，那么他会就回抢占为master

interface：实例绑定的网卡，因为在配置虚拟IP的时候必须是在已有的网卡上添加的

donttrackprimary：忽略VRRP的inte